ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] need for clarification

2015-01-27 12:59:54
from [Steve Atkins] [Permanent Link] 

On Jan 27, 2015, at 8:43 AM, A. Schulze <sca(_at_)andreasschulze(_dot_)de> 
wrote:



Hello everybody,

Murray encourage me to ask here:

https://tools.ietf.org/html/rfc6376#section-3.3.3 say
 "Signers MUST use RSA keys of at least 1024 bits for long-lived keys."

and
 "Verifiers MUST be able to validate signatures with
  keys ranging from 512 bits to 2048 bits, and they MAY be able to
  validate signatures with larger keys."

Signer using a key larger then 2048 (like I do for years now) aren't  
inside the specification
because there is no MUST on the validation side.
From operational perspective I experience no drawback using 4k RSA  
keys for DKIM.


How do you know? A sender of email doesn't know whether the
mail they're sending has a signature that validates for all recipients.



I see these options:
 - the signer could use smaller keys and rotate them more often
 - the specification support other key types which gather same level  
of security with smaller keys
   ( elliptic curve crypto )
 - the specification REQUIRE validators to handle larger keys.

I would kindly ask for other options or advise.


RSA said that 2048 bit RSA keys are likely secure until 2030, NIST say
that they're acceptable for cryptographic signature generation.

Given that they're considered strong enough for real crypto problems,
they're definitely strong enough for the low-security, short time frame
task of providing some level of authentication about an email to a 
spam filter.

So there's no reason to use anything bigger than 2048 bits for DKIM,
I don't believe. I'd be far more concerned about other attacks on the
system, or even on the RSA algorithm, than I would be about people
brute-forcing 2048 bit keys this decade.

What advantage do you see to using larger keys?

Keys larger than 2048 bits could cause operational problems - as well
as being outside spec, they're going to be more expensive to handle
in software, too big to handle on some hardware (does anyone do that,
I wonder?) and they're going to make keys bigger, which might cause
problems with older DNS infrastructure.

How big is your DNS TXT record?

Cheers,
  Steve

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ietf-dkim] need for clarification, A. Schulze
Next by Date:  Re: [ietf-dkim] need for clarification on key size, A. Schulze
Previous by Thread:  [ietf-dkim] need for clarification, A. Schulze
Next by Thread:  Re: [ietf-dkim] need for clarification, A. Schulze
Indexes:  [Date] [Thread] [Top] [All Lists]